4434.exe

First submission: 2024-08-27 18:03:02. Last submission: 2024-09-01 19:36:36

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 413.0 KB (422912 bytes)
Compile time: 2024-07-30 16:49:30
MD5: 607c413d4698582cc147d0f0d8ce5ef1
SHA1: c422ff50804e4d4e55d372b266b2b9aa02d3cfdd
SHA256: 46a8a9d9c639503a3c8c9654c18917a9cedbed9c93babd14ef14c1e25282c0d5
Import hash: 95d4113c25a148a48f2688574ed71076
Sections (5): .text, .Bqq, .rdata, .data, .reloc
Directories (4): import, debug, tls, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 62/79 detections, VT report date: 2024-08-06 03:17:00
Malware type (1): trojan
Threat type (3): stealc, zusy, lummastealer

URLs, FQDN and IP indicators (1)

URL: hXXp://185.215.113.117/inc/4434.exe
Host (FQDN/IP): 185.215.113.117
Date added: 2024-09-01 19:36:38

PE sections (1 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2769f 161792 fc3d492dda425da1a0f532d4057fe7882e9277b9 efc60c173d2e0890eaea9537de7249c9
.Bqq 0x29000 0x8e5 2560 e0a322455b39130d85bfdce66b9f2c377b0ea76c d8b1d71cd2ca0effa99e1eb7bda93d50
.rdata 0x2a000 0xb872 47616 2c9ac2056af3deafe590839b7c6738b936b97f64 6c581dc79db57d975d62347d8181167b
.data 0x36000 0x31f74 200704 9e632f6182f817f982deb52764ca9819dc0ece76 13436ac829a4c1ecc6e7d7eb6953d38f
.reloc 0x68000 0x2334 9216 f35973dffc0d8cb8e5694161b1ec7a234a30a131 d0a22ec8925bcc2651ea7a02d2ca3b39

Packers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti-debug functions (6)

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
343dsxs.exe 2024-09-01 19:38:40 7b0a50d5495209fa15500df08a56428f
300.exe 2024-09-02 00:39:02 4e87a872b6a964e93f3250b027fe7452